How to upload shell in wordpress

Hey fellas,my last post was about gaining access to a site,whats next..any idea?? Here it is,gaining access is not what we need. Our main motive is to gain access over other sites on the server. So the method for this is SHELL UPLOADING.

What is Shell Uploadin?

A shell is software that provides an interface for users of an operating system to access the services of a kernel. However, the term is also applied very loosely to applications and may include any software that is "built around" a particular component, such as web browsers and email clients that are "shells" for HTML rendering engines. The name shell originates from shells being an outer layer of interface between the user and the internals of the operating system (the kernel).Blah blah blah..This is according to Wiki, All you just to need to know is that a shell is an Interface to interact with the other sites on the server.
If u know more about shells refer this http://en.wikipedia.org/wiki/Shell_(computing)
This tutorial is for educational purpose only. I am not responsible for any harm caused, So use your knowledge wisely.
So lets start...!!

WORDPRESS SHELL-UPLOADING

Wordpress is an common platform used by many to developers to build there sites. So a common vulnerability to Wordpress is that it shows of its admin page.To make this working you must have the admin rights of the site. Check  www.site.com/wp-admin

1:  After you login the admin account Click on Appearence then Editor.

2: In the Editor bar select a theme (i prefer twenty ten) and select 404.php . Now here comes the most important part, delete the code of 404.php and replace it with your shell source code and save it. Don't worry I will be providing you the shell source code :D

3: We are almost done now,after you save your shell source code check out your shell link. 

www.site.com/wo-content/themes/name-of-the-theme/404.php

Here i used twenty ten as a theme,so now my shell link would be

www.site.com/wp-content/themes/Twenty Ten/404.php

SHELL SOURCE CODE : http://www.mediafire.com/folder/g7cecwnu7qtup/Documents

                      WHATS NEXT?

                   After you upload your SHELL, u can:

                   1:Earn money through your Shell Links.

                   2:Show off your friends.

                   3:You can deface any WEBSITE

         || Here's an example how a deface page looks :D ||

I hope it was usefull. Always be an ETHICAL HACKER. 

Hack a Website in 3 simple steps.

               WEBSITE HACKING IN 3 SIMPLE STEPS

                               

STEP 1: search for an google hacking dork. A dork is passage through which an attacker can gain access to a website.There are many many google hacking dorks I will just take one.For more dorks just search"google hacking dorks". This will help you get many websites.

 DORK example:

inurl:adminlogin.aspx

            inurl:admin/index.php
            inurl:administrator.php
            inurl:administrator.asp
            inurl:login.asp
            inurl:login.aspx
            inurl:login.php
            inurl:admin/index.php
            inurl:adminlogin.aspx

I will be using this one:-Inurl:adminlogin "city"

STEP 2: Click on any site which is listed. An admin login page will appear on the screen.

NOTE: if the site has protection then this method will not work.

for eg:

STEP 3: After we get the login page the only process left is the authentication process. A user name and a password is to be filled which only the admin knows. So for this we will use SQL injection.

Just fill Username : admin

passowrd: 'or''='

(This is the basic combination)

NOTE: there are many combinations of SQL, if this combonation doesnt work try another one there are many.

After filling the username and password you now gain access to the website.

(this is the dashboard of the website)

This is an educational tutorial. I donnot take responsibility for any damage caused.I hope this tutorial will help you in many ways. Always be an Ethical Hacker.

HAPPY HACKING